Laser/Hacking: Unterschied zwischen den Versionen
Amir (Diskussion | Beiträge) Keine Bearbeitungszusammenfassung |
|||
| (42 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
For now just a unorganized pastebin to document things that don't fit the mastodon account. | For now just a unorganized pastebin to document things that don't fit the [https://chaos.social/@lazzzzzor mastodon account]. | ||
=== Device | === Device === | ||
We have a BRM 90130 driven by a Ruida Controller (RDC6332G) | |||
=== Links === | |||
==== Manuals ==== | |||
[https://wiki.attraktor.org/images/5/59/BRM_90130_Gebrauchsanleitung.pdf BRM90130 Manual] | |||
[https://torden.ru/wp-content/uploads/2019/03/Rukovodstvo-polzovatelja-RDC6332G-angl..pdf RDC6332G Controller Manual] | |||
==== Reverse Engineering Resources ==== | |||
https://edutechwiki.unige.ch/en/Ruida | |||
https://wiki.fablab-nuernberg.de/w/Diskussion:Nova_35 | |||
https://stefan.schuermans.info/rdcam/messages.html | |||
==== Tools ==== | |||
RD-File interpreter and renderer: https://github.com/kallaballa/rdint | |||
BRM branch of Ctrl-Cut: https://github.com/kallaballa/ctrl-cut/tree/brm | |||
=== Dimensions === | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
| Zeile 26: | Zeile 47: | ||
=== Communication Protocol === | === Communication Protocol === | ||
The protocol can be used in 3 ways. | The protocol can be used in 3 ways. | ||
* USB | * USB | ||
* Network | * Network | ||
| Zeile 32: | Zeile 54: | ||
We didn't get the net- to work (haha) so we are using USB right now. | We didn't get the net- to work (haha) so we are using USB right now. | ||
==== Setup Messages ==== | Someone else already documented the protocol. | ||
Apparently everything is scrambled in some way byte-wise. | |||
https://stefan.schuermans.info/rdcam/messages.html | |||
The descrambling process documented there didn't work for us. | |||
Since different versions of the program seem to use different magic numbers we decided to try to brute-force it. | |||
Turns out it's a new one: <code>0x33</code>. | |||
==== Setup Messages [Still Scrambled] ==== | |||
Notation: | |||
<pre> | |||
< == from the driver | |||
> == from the laser | |||
</pre> | |||
Before sending the job to the lasercutter the driver sends and receives a few preflight messages. | Before sending the job to the lasercutter the driver sends and receives a few preflight messages. | ||
We are unsure if | We are unsure if they change when using the Network but they are omitted when saving a job to a file. | ||
Some consistencies can be found when examining these messages. | |||
The laser always mirrors messages coming from the driver but changes one of the bytes and appends more data. | |||
For example: | |||
< | <pre> | ||
# Message by driver | |||
< 0x69 (i) | |||
< 0x34 (4) | |||
< 0xb8 | |||
< 0x4e (N) | |||
# Response by Laser | |||
> 0x69 (i) <-- mirrored | |||
> 0xb4 <-- always changed from 0x34 to 0xb4 (+128) | |||
> 0xb8 <-- mirrored | |||
> 0x4e (N) <-- mirrored | |||
# More Data | |||
> 0x36 (6) | |||
> 0x2c (,) | |||
> 0xb4 | |||
> 0x76 (v) | |||
> 0x34 (4) | |||
</pre> | |||
===== Click 'Search' [Still Scrambled] ===== | |||
<pre> | |||
< 0x69 (i) | < 0x69 (i) | ||
< 0x34 (4) | < 0x34 (4) | ||
| Zeile 67: | Zeile 129: | ||
> 0x0a | > 0x0a | ||
> 0x14 | > 0x14 | ||
</pre | </pre> | ||
===== Select COM Device ===== | ===== Select COM Device ===== | ||
< | <pre> | ||
< 0x69 (i) | < 0x69 (i) | ||
< 0x34 (4) | < 0x34 (4) | ||
| Zeile 85: | Zeile 147: | ||
> 0x74 (t) | > 0x74 (t) | ||
> 0x34 (4) | > 0x34 (4) | ||
</ | </pre> | ||
===== Sending a Job ===== | |||
<pre> | |||
# Same as first message in 'Click Search' (x2) | |||
< 0x69 (i) | |||
< 0x34 (4) | |||
< 0xb8 | |||
< 0x4e (N) | |||
> 0x69 (i) | |||
> 0xb4 | |||
> 0xb8 | |||
> 0x4e (N) | |||
> 0x36 (6) | |||
> 0x2c (,) | |||
> 0xb4 | |||
> 0x76 (v) | |||
> 0x34 (4) | |||
< 0x69 (i) | |||
< 0x34 (4) | |||
< 0xb8 | |||
< 0x4e (N) | |||
> 0x69 (i) | |||
> 0xb4 | |||
> 0xb8 | |||
> 0x4e (N) | |||
> 0x36 (6) | |||
> 0x2c (,) | |||
> 0xb4 | |||
> 0x76 (v) | |||
> 0x34 (4) | |||
< 0x69 (i) | |||
< 0x34 (4) | |||
< 0xba | |||
< 0x22 (") | |||
> 0x69 (i) | |||
> 0xb4 | |||
> 0xba | |||
> 0x22 (") | |||
> 0xbe | |||
> 0xa4 | |||
> 0x58 (X) | |||
> 0x34 (4) | |||
> 0x34 (4) | |||
# Again, same as first message in 'Click Search' | |||
< 0x69 (i) | |||
< 0x34 (4) | |||
< 0xb8 | |||
< 0x4e (N) | |||
> 0x69 (i) | |||
> 0xb4 | |||
> 0xb8 | |||
> 0x4e (N) | |||
> 0x36 (6) | |||
> 0x2c (,) | |||
> 0xb4 | |||
> 0x76 (v) | |||
> 0x34 (4) | |||
# ??? | |||
< 0x69 (i) | |||
< 0x34 (4) | |||
< 0x38 (8) | |||
< 0x34 (4) | |||
> 0x69 (i) | |||
> 0xb4 | |||
> 0x38 (8) | |||
> 0x34 (4) | |||
> 0x34 (4) | |||
> 0xb2 | |||
> 0x4e (N) | |||
> 0x34 (4) <- This byte changes to 0x40 sometimes... (no idea why, seems to happen when one moves one point of the line in the test job for example.) | |||
> 0x34 (4) | |||
# Again, same as first message in 'Click Search' | |||
< 0x69 (i) | |||
< 0x34 (4) | |||
< 0xb8 | |||
< 0x4e (N) | |||
> 0x69 (i) | |||
> 0xb4 | |||
> 0xb8 | |||
> 0x4e (N) | |||
> 0x36 (6) | |||
> 0x2c (,) | |||
> 0xb4 | |||
> 0x76 (v) | |||
> 0x34 (4) | |||
</pre> | |||
After this the actual job data is sent by the driver. | |||
=== Laserfirmware === | === Laserfirmware === | ||
Nope. | Nope. | ||